DETAILED ACTION



1. Claims 1-20 are presented for examination.



Claim Rejections - 35 USC §102 



2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA
35 U.S.C. 102(e)).

3. Claims 1-19 are rejected under 35 U.S.C. 102(e) as being anticipated by Haverstock et al 
(hereinafter Haverstock), US 2002/0038357. 



4. Haverstock was cited in the last office action.

5. As per claims 1 and 12, Haverstock taught the claimed invention including a
computer-implemented method for controlling access to documents during a workflow (pp.
0009, 0012, 0027), comprising: 

a. upon entry of a base document into a workflow, creating a working copy of the 
base document (pp. 0018, 0025); 

b. selectively providing a user access to either the base document or the working 
copy of the base document depending upon the identity of a user (pp. 0046, 0057, 
0060, 0065-0071); and 

c. selectively providing access to perform operations on the working copy of the 
base document depending upon the identity of a user (pp. 0057, 0060, 0066- 
0071). 

6. As per claim 2, Haverstock taught the invention substantially as claimed in claim 1.
Haverstock further taught the method further comprising:

a. storing access control list data in relation to the base document, the access control 
list data defining access controls on performing operations of the working copy of 
the base document (pp. 0063, 0065-0071); and 

b. storing security descriptor data in relation to the base document and the working 
copy of the base document, the security descriptor data defining access controls 
on reading the base document and the working copy of the base document (pp. 
0063, 0065-0066, 0069). 
7. As per claims 3-4, Haverstock taught the invention substantially as claimed in claim 2.
Haverstock further taught that wherein the step of selectively providing access to perform
operations on the working copy of the base document depending upon the identity of a user (pp. 
0065-0066), further comprises: 

a. determining using the access control list data stored in relation to the base 
document that a user has/does not have permission to perform an operation on the 
copy of the base document (pp. 0057, 0063, 0065-0066, 0070-0071); and 

b. allowing/denying the user to perform the operation on the copy of the base 
document (pp. 0057). 

8. As per claims 5-6, Haverstock taught the invention substantially as claimed in claim 2. 
Haverstock further taught wherein the access control list data comprises information identifying 
for each of a plurality of operations, the set of users that have permission to perform the 
operation, and said act of selectively providing access to perform operations on the working copy 
of the base document depending upon the identity of a user (pp. 0065-0071), further comprises: 

a. referencing the information identifying for each of a plurality of operations, the 
set of users that have permission to perform the operation (pp. 0067-0071); and 

b. if the user is/is not in the set of users that have permission to perform the 
operation, providing/denying access to the operation (pp. 0057). 

9. As per claim 7, Haverstock taught the invention substantially as claimed in claim 5. 
Haverstock further taught that wherein the set of users are defined in terms of the roles that have 
permission to perform the operation (pp. 0057, 0060, 0065-0066), and said act of referencing the
information identifying for each of a plurality of operations, the set of users that have permission 
to perform the operation (pp. 0065-0071), further comprises: 

a. resolving for the user the set of roles to which the user has been assigned (pp. 
0057); and 

b. determining using the set of roles to which the user has been assigned and the set 
of users defined in terms of the roles that have permission to perform the 
operation, whether the user has permission to perform the requested operation 
(pp. 0065-0071). 

10. As per claims 8-9, Haverstock taught the invention substantially as claimed in claim 2.
Haverstock further taught wherein the step of selectively providing a user access to either the 
base document or the working copy of the base document depending upon the identity of a user 
(pp. 0065-0066), further comprises: 

a. determining using the security descriptor data stored in relation to the base 
document and the working copy document, that a user has/does not have 
permission to read the working copy of the base document (pp. 0057, 0063, 0065- 
0066, 0070-0071); and 

b. providing/denying the user access to the working copy of the base document (pp. 
0057). 
11. As per claim 10, Haverstock taught the invention substantially as claimed in claim 2.
Haverstock further taught wherein the security descriptor data comprises information identifying
the set of users that have permission to read each of the base document and the working copy of
the base document (pp. 0057, 0060, 0065-0066), and said act of selectively providing access to
either the base document or the working copy of the base documents depending on the identity of
the user (pp. 0065-0071), further comprises: 

a. referencing the information identifying the set of users that have permission to 
read each of the base document and the working copy of the base document (pp. 
0067-0071); and 

b. if the user is in the set of users that have permission to read the working copy of 
the base document, providing access to the working copy of the base document 
(pp. 0057). 

12. As per claim 11, Haverstock taught the invention substantially as claimed in claim 10. 
Haverstock further taught wherein the set of users are defined in terms of the roles that have 
permission to read each of the base document and the working copy of the base document, and 
said act of referencing the information identifying the set of users that have permission to read 
each of the base document and the working copy of the base document (pp. 0065-0071), further 
comprises: 

a. resolving for the user the set of roles to which the user has been assigned (pp. 
0057); and 



Application/Control Number: 09/607,170 Page 7

Art Unit: 2154 

b. determining using the set of roles to which the user has been assigned and the set 
of users defined in terms of the roles that have permission to read each of the base
document and the working copy of the base document, whether the user has 
permission to read the base document or the working copy of the base document 
(pp. 0065-0071). 



13. As per claim 13, Haverstock taught the claimed invention including a system for 
providing document isolation in a workflow environment (pp. 0009, 0012, 0027), comprising: 
a. a processor, wherein said processor is operable to execute instructions for 
performing the following acts (pp. 0011):

i. maintaining for a base document undergoing a publishing workflow, a 
copy of the base document (pp. 0018, 0025); 

ii. maintaining access control data in relation to the base document and the 
copy of the base document (pp. 0063, 0065-0066); and 

iii. upon receipt of a request to access the base document, selectively 
determining based on the access control data, to provide access to either 
the base document or the copy of the base document (pp. 0057, 0065- 
0071). 



14. As per claim 14, Haverstock taught the invention substantially as claimed in claim 13. 
Haverstock further taught wherein the access control data comprises security descriptor data 
identifying the set of users that have permission to read the base document and the copy of the
base document (pp. 0057, 0065-0071).

15. As per claim 15, Haverstock taught the invention substantially as claimed in claim 14. 
Haverstock further taught wherein said processor is operable to execute instructions for
performing the following further acts: 

a. referencing the security descriptor data (pp. 0067-0071); and 

b. determining that a user should be directed to the copy of the base document based 
on the security descriptor data (pp. 0057, 0060, 0066-0071). 

16. As per claim 16, Haverstock taught the invention substantially as claimed in claim 15. 
Haverstock further taught wherein the security descriptor data identifies a set of roles 
corresponding to the set of users that have permission to read the base document and the copy of 
the base document, and wherein said processor is operable to execute instructions for performing 
the further act of determining the set of roles that a user has been assigned (pp. 0057, 0060, 
0065-0071).

17. As per claim 17, Haverstock taught the invention substantially as claimed in claim 13. 
Haverstock further taught wherein the access control data comprises access control list data 
identifying the set of users that have permission to perform operations on the copy of the base 
document (pp. 0057, 0065-0071). 
18. As per claim 18, Haverstock taught the invention substantially as claimed in claim 17.
Haverstock further taught wherein said processor is operable to execute instructions for
performing the following further acts:

a. referencing the access control list data (pp. 0067-0071); and

b. determining that a user should be allowed to perform an operation on the copy of 
the base document based on the access control list data (pp. 0057, 0060, 0066- 
0071). 

19. As per claim 19, Haverstock taught the invention substantially as claimed in claim 18. 
Haverstock further taught wherein the access control list data identifies a set of roles 
corresponding to the set of users that have permission to perform operations on the copy of the 
base document, and wherein said processor is operable to execute instructions for performing the 
further act of determining the set of roles that a user has been assigned (pp. 0057, 0060, 0065- 
0071). 

Claim Rejections - 35 USC § 103 

20. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
21. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over Haverstock, US
2002/0038357, in view of Sudama et al (hereinafter Sudama), US 5,555,375.

22. Haverstock and Sudama were cited in the last office action. 

23. As per claim 20, Haverstock taught the invention substantially as claimed including a 
method of updating access controls to reflect the addition of a new operation (pp. 0060 access 
privilege changed) that may be performed on a copy of a base document (role-based security 
with different level of access privilege to the document, pp. 0057, 0060, 0065-0071), in a system 
wherein access to operations to be performed on a copy of the base document are controlled 
using an access control list which identifies the operations that may be performed and the roles 
that a user must have to access those operations (pp. 0067-0071), comprising: 

a. new operations that may be performed on copy of a base document (role-based 
security with different level of access privilege to the document, pp. 0057, 0060, 
0065-0071); 

b. updating the access control list (pp. 0060).

24. Haverstock did not specifically teach the method to comprise: assigning a unique 
identifier to the new operation that may be performed on a copy of a base document; updating 
the access control list to include an entry for the unique identifier for the new operation or to 
include an entry identifying the roles that have access to the new operation. Sudama taught to 
assign unique identifier to operations (col.5, lines 33-37, col.8, lines 55-57) for management 
purpose. It would have been obvious to one of ordinary skill in the art at the time the invention
was made to combine the teachings of Haverstock and Sudama because Sudama's teaching of 
assigning unique identifiers to operations to provide management benefits enables Haverstock's 
method to manage and keep track of the types of operations performed on the documents using 
the identifiers. 

25. Haverstock and Sudama did not specifically teach the method to comprise updating the 
access control list to include an entry for the unique identifier for the new operation or to include 
an entry identifying the roles that have access to the new operation. However, in order to add the 
new operation and enable the roles to have access to the new operation, the access control list 
must be updated so the authentication to the existing users is valid with the new operation since 
the access control list is in correspondence with the operations and user roles. It is an essential 
step, whether the step is done manually or automatically, that cannot be skipped. It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to recognize 
that once a new operation is introduced in Haverstock and Sudama's method, the access control
list must be edited to provide up to date authentication to provide existing users, that have the 
privilege, to execute the new operation. 

Response to Arguments 

26. Applicant's arguments filed 10/22/2003, regarding claims 1,13 and 20 have been fully 
considered but they are not persuasive. 
27. In the remark, applicant argued that (1) As per Claim 1, Haverstock fails to suggest or
teach the limitation of creating a working copy of the base document upon entry of a base
document into a workflow, and selectively providing a user access to either the base document or
the working copy of the base document depending upon the identity of a user. (2) As per Claim
13, Haverstock fails to suggest or teach the limitation of maintaining a copy of a base document
undergoing a publishing workflow, and upon receipt of a request to access the base document,
selectively determining based on the access control data to provide access to either the base
document or the copy of the base document. (3) Haverstock and Sudama fail to teach or
suggest that unique identifiers associated with new operations may be performed on a copy of a 
base document, and updating an access control list to limit the roles that have access to the 
operation. 

28. Examiner respectfully traverses the argument:

As to point (1), regarding Claim 1, Haverstock taught to create a working copy of the base 
document (HTML representation) upon entry of a base document (information transmitted to the 
non-HTML server module) into a workflow (pp. 0018, 0027) and selectively providing a user 
access to the working copy of the base document depending upon the identity of a user (role-
based security with different level of access privilege to the document, pp. 0057, 0060, 0065- 
0071). 

As to point (2), regarding Claim 13, Haverstock taught maintaining a copy of a base document
undergoing a publishing workflow (replication, pp. 0025) and upon receipt of a request to access 
the base document (pp. 0060), selectively determining based on the access control data to 
provide access to the copy of the base document (role-based security with different level of
access privilege to the document, pp. 0057, 0060, 0065-0071).

As to point (3), regarding Claim 20, Haverstock taught the invention substantially as claimed 
including a method of updating access controls to reflect the addition of a new operation (pp. 
0060 access privilege changed) that may be performed on a copy of a base document (role-based 
security with different level of access privilege to the document, pp. 0057, 0060, 0065-0071), in 
a system wherein access to operations to be performed on a copy of the base document are 
controlled using an access control list which identifies the operations that may be performed and 
the roles that a user must have to access those operations (pp. 0067-0071), comprising: new 
operations that may be performed on copy of a base document (role-based security with different 
level of access privilege to the document, pp. 0057, 0060, 0065-0071); updating the access 
control list (pp. 0060). Haverstock did not specifically teach the method to comprise: assigning a 
unique identifier to the new operation; updating the access control list to include an entry for the 
unique identifier for the new operation or to include an entry identifying the roles that have 
access to the new operation. Sudama taught to assign unique identifier to operations (col. 5, lines
33-37, col.8, lines 55-57, it is inherent for new operations to have assigned unique identifier) and
use the unique identifiers to track the executions of the operations so performances can be
notified to the user. It would have been obvious to one of ordinary skill in the art at the time the
invention was made to combine the teachings of Haverstock and Sudama because Sudama's
teaching of assigning unique identifiers to operations to provide management benefits enables
Haverstock's method to manage and keep track of the types of operations performed on the
documents using the identifiers. Haverstock and Sudama did not specifically teach the step of updating the
access control list to include an entry for the unique identifier for the new operation or to
include an entry identifying the roles that have access to the new operation. However, in order to
add the new operation and enable the roles to have access to the new operation, it would have 
been obvious that the access control list must be updated so the authentication to the existing 
users is valid with the new operation since the access control list is in correspondence with the 
operations and user roles. It is an essential step, whether the step is done manually or 
automatically, that cannot be skipped since updating the access control list reflects the new 
operation and roles (pp. 0060, access privileges and user role update). It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to recognize that 
once a new operation is introduced in Haverstock and Sudama's method, the access control list
must be edited to provide up to date authentication to provide existing users, that have the 
privilege, to execute the new operation. 

Conclusion 

29. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing
date of this final action. 

30. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kenny Lin whose telephone number is (703)305-0438. The 
examiner can normally be reached on 8 AM to 5 PM Tuesday to Friday and every other Monday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (703)305-8498. Additionally, the fax numbers for 
Group 2100 are as follows:

Official Responses: (703) 872-9306

Any inquiry of a general nature or relating to the status of this application or proceeding
should be directed to the receptionist whose telephone number is (703)305-6121.

ksl

December 17, 2003